PCI Compliance


PCI 


Automate, simplify and attain PCI compliance quickly 


Qualys PCI Compliance (PCI) provides 
businesses, online merchants and service 
providers the easiest, most cost-effective 
and highly automated way to achieve 
compliance with the Payment Card 
Industry Data Security Standard (PCI DSS).


PCI DSS gives organizations the guidance they need to ensure 
that cardholder information is kept secure from possible 
security breaches. Complying with the standard may seem like 
a daunting task, due to its stringent requirements. That’s where 
the cloud-based Qualys PCI comes in. 


Designed to simplify and automate the process, Qualys PCI 
discovers and maps all devices on your network to help 
determine which are in scope for PCI. It then scans all Internet- 
facing networks and systems, generates reports, provides 
patching instructions, and auto-submits compliance status 
reports. It uses the massively scalable scanning infrastructure 
of the Qualys Cloud Platform, the industry’s most advanced 
end-to-end solution for security and compliance. 
Features


User-friendly, guided approach 


PCI streamlines and walks you through the Payment Card Industry 
Data Security Standard compliance process. With tips, a friendly, 
intuitive interface, online help and 24/7 Qualys email and phone 
support, PCI lets you protect cardholder information from breaches. 
No need to hire costly experts to achieve compliance. 


Streamlined scanning and remediation 


PCI scans all Internet-facing networks and systems with Six Sigma 
(99.9996%) accuracy, generates easy to use reports and provides 
detailed patching instructions for each vulnerability discovered. That 
way, you'll make sure you’re meeting the PCI DSS requirements for 
protecting the collection, storage, processing and transmission of 
cardholder data. 


Support for web app requirement 


PCI also covers the standard’s requirement for maintaining secure web 
applications. Its Web Application Scanning module automates the 
evaluation of web apps during and after development, ensuring 
they’re built and maintained securely. The module conducts 
authenticated and unauthenticated scans within any web app type —
custom-built in house, or commercial.


Automated report submission 


An auto-submission feature completes the compliance process once 
you're finished with remediation. Enter your bank and merchant IDs 
in your account settings to activate this feature. PCI will send the 
compliance status report directly to the acquiring banks. You can also 
download PCI compliance reports in PDF. 


Qualys PCI is the most accurate, cost-effective and
easiest to use tool for PCI compliance testing, reporting
and auto-submission.


Benefits 


Unparalleled precision
Scans for vulnerabilities with Six Sigma (99.9996%) accuracy


Ease of use
Guides you through the compliance process with a
user-friendly interface


Turnkey convenience
Covers all steps with end-to-end, comprehensive capabilities


Peace of mind 
Approved by the PCI Security Standards Council 


Achieve PCI compliance and secure your 
network 


As an Approved Scanning Vendor (ASV), Qualys has been authorized 
by the PCI Security Standards Council to conduct the quarterly scans 
required to show compliance with PCI DSS. The cloud-based Qualys 
PCI solution helps you achieve compliance via a streamlined process
that also gives you assurance your network is secure.
• Benefit from the ASV requirements that Qualys PCI fulfills, including:


  • Disruption-free: When conducting a scan, Qualys PCI doesn’t
    interfere with the cardholder data system


  • No stealth software installations: Qualys PCI will never install any
    software on your systems without your knowledge and pre-approval


  • No dangerous tests: Qualys PCI will not conduct tests that
    overload your systems or cause an outage


  • Conforming reports: Qualys PCI produces reports that conform to
    the standard’s requirements
Follow an easy step-by-step approach and intuitive compliance tips in
a user-friendly interface 


Automatically complete the required quarterly scans, and also scan as
often as you like in an ad hoc manner, for PCI compliance and for
identifying and remediating vulnerabilities as soon as they appear in
your network


Scan your network in segments and remediate/re-scan for 
vulnerabilities on target IPs. No need to scan your entire network 


Leverage 24/7 online help and email/telephone support for 
understanding and pursuing compliance 


Monitor all assets on premises and in private, public or hybrid clouds 


Scan web apps during and after development to ensure they’re built
and maintained securely
Quickly eliminate security threats with
detailed remediation instructions 


PCI DSS requires businesses to perform a network security scan every 
90 days on all Internet-facing networks and systems in accordance 
with a defined set of procedures. To achieve compliance, businesses 
must identify and remediate all critical vulnerabilities detected during 
the scan. Qualys PCI: 


• Automates and greatly simplifies scanning and remediation


• Provides easy-to-use reporting of vulnerabilities that will cause you to
  fail PCI DSS


• Uses the Qualys Cloud Platform to accurately scan vulnerabilities


• Provides detailed instructions for each detected vulnerability, with links
  to verified patches for rapid remediation


Auto-submit compliance status directly to
acquiring bank


Once you have met the validation actions, the Qualys PCI
“auto-submission” feature completes the compliance process.


• Automatically submits compliance status directly to your acquiring
  banks


• Allows you to download PCI compliance reports in PDF to submit to
  your acquiring bank or to assist in remediation efforts
[Screenshot: Overall Status panel with counts for In Account, Not Live, Compliant, Not Compliant and Not Current]


Generate reports 


Qualys PCI generates two PCI network reports that are similar but 
intended for different purposes: One designed to offer proof of 
compliance, and the other to serve as a remediation guide. 


• Generates PCI Executive Report for submitting to the acquiring bank to
  document PCI compliance. This report provides summary level
  information only


• Generates PCI Technical Report for identifying vulnerabilities and
  prioritizing remediation. This report includes technical details to assist
  with remediation


• Includes in the reports an overall PCI compliance status of “passed” or
  “failed”


  • An overall PCI compliance status of “passed” indicates that all hosts
    in the report passed the PCI DSS compliance standards set by the
    PCI Council. A host compliance status is provided for each host. A
    PCI compliance status of “passed” for a single host/IP indicates that
    no vulnerabilities or potential vulnerabilities were detected on the
    host.


  • If you fail the assessment, you can view a list of detected
    vulnerabilities and potential vulnerabilities, including those that
    must be fixed to obtain compliance as well as vulnerabilities that we
    recommend that you fix. View detailed remediation information.


[Screenshot: counts of Vulnerabilities and Potential Vulnerabilities by severity (HIGH, MED, LOW)]


Powered by the Qualys Cloud Platform 
- the revolutionary architecture that powers 
Qualys’ IT security and compliance cloud apps 


Sensors that provide continuous visibility


On-premises, at endpoints or in the cloud, the Qualys Cloud
Platform sensors are always on, giving you continuous 2-second
visibility of all your IT assets. Remotely deployable, centrally
managed and self-updating, the sensors come as physical or
virtual appliances, or lightweight agents.


Respond to threats immediately


With Qualys’ Cloud Agent technology, there’s no need to
schedule scan windows or manage credentials for scanning.
And Qualys Continuous Monitoring service lets you proactively
address potential threats whenever new vulnerabilities appear,
with real-time alerts to notify you immediately.


All data analyzed in real time


Qualys Cloud Platform provides an end-to-end solution, allowing
[...]
in a scalable, state-of-the-art backend, and provisioning additional
cloud apps is as easy as checking a box.


See the results in one place, anytime, anywhere


Qualys Cloud Platform is accessible directly in the browser, no
plugins necessary. With an intuitive, single-pane-of-glass user
interface for all its apps, it lets you customize dashboards, drill down
into details, and generate reports for teammates and auditors.


Cloud Platform Apps 


Qualys apps are fully integrated and natively share the data they collect for real-time 
analysis and correlation. Provisioning another app is as easy as checking a box. 
Threat Protection
Indication of Compromise
Cloud Security Assessment
Web Application Firewall
Request a full trial (unlimited-scope) at
qualys.com/trial


It’s an out-of-the-box solution that’s centrally managed and self-updating. 